This workshop will introduce mobile device security and its risks for your organisation. After discussion of the general threats, vulnerabilities and risks of mobile device integration, the iOS device specific features and vulnerabilities will be presented along with several attack scenarios and forensic methodologies. For secure enterprise integration useful mitigating controls will be shown with practical examples on how to implement them. We will demonstrate mobile device management solutions along with additional controls like MobileMe, FindMyIphone and so forth. Also not only technical controls will be discussed but also e.g. how to cover mobile devices within your organisations IT security policy. Last but not least we will comment on current papers and publications.

This willl be a practical workshop where you can test the various things in small hands-on sessions. We will provide you with some iPhones and iPads. Your own devices are welcome, too

Agenda

• Definition mobile devices
• Threats & vulns of mobile devices
• Architecture of  iOS based devices
• Security features and iOS versions
• Specific threats und vulns of iPhone and iPad
• Data extraction (forensic tools, backups, …)
• Overview: Realistic attack szenarios
• ERNW Rapid Risk Assessment
• Mitigating controls
• Policies / configuration profiles
• Mobile device management architecture and solutions
• Additional controls like MobileMe, FindMyiPhone
• Analysis of iOS apps
• Mobile device security policy
• Comments on current papers (ERNW, Gartner, Fraunhofer)

This workshop is held by Rene Graf and Michael Thumann. Both senior security consultants @ ERNW.

We are looking forward to an interesting workshop with you!
The ERNW / TROOPERS Team